Private Internet Access might not have made it into our top 5 VPN rankings this time around, but it remains one of the best VPNs out there if you’re concerned about privacy. There’s plenty of tough competition in the VPN space for privacy-focused VPNs, but PIA’s combination of real-world tested privacy policies and outstanding security tools ensures it continues to distinguish itself from the rest of the pack. We’re taking a look at just one of these advanced features today – its built-in ad blocker called MACE.
MACE stops ads, trackers, and malware in their tracks thanks to a DNS-level blocklist. You might wonder why an ad blocker like MACE is necessary when browser-based ad blockers already exist. Well, MACE provides an extra layer of defense while taking the strain off your machine and your bandwidth, making it the perfect complement to an existing personal device security setup.
Read on and I’ll explore MACE in detail: how it works, why it’s useful, and how you can enable it.
What is MACE?
MACE is Private Internet Access’s integrated ad, tracker, and malware blocker. Unlike browser-based ad blockers, which rely on scripts running in your browser to filter content, MACE operates at the DNS level.
Essentially, this means that it identifies and blocks requests to known malicious URLs. This ensures that unwanted content is blocked before it ever has a chance to reach your device.
Personalized ads are more than just eerie – they can be downright privacy nightmares. Here’s everything you need to know about targeted ads.
At a basic level, this means that MACE stops banner ads, pop-ups, and other intrusive advertisements. However, you’re also cutting out a lot of behind-the-scenes tracking that those ads use to record your behavior across multiple sites. There’s the added benefit of blocking known malware distribution sites, too.
MACE is available on most PIA client apps, with the notable exception of Android devices. It’s not really PIA’s fault though, as this is actually due to Google’s policies on which apps they’ll host on the Play Store. The MACE feature actually violates their rule about apps not interfering with other apps by blocking ads across the entirety of the device.
Thankfully, PIA continues to host a version of its Android client app on the PIA website which comes with MACE enabled. You’ll have to sideload the APK to get it working, which requires messing around with a few settings on your Android device, but it’s better than not having access to MACE at all.
How Does MACE Work?
To understand how MACE works, you need to know some of the basics of DNS. When you type a URL into your browser, it needs to be translated into an IP address so that a connection can be established with the web server. If your device doesn’t already know the IP, it queries a DNS server to find the corresponding IP address.
Domain Name System servers contain a list of IP address associations with domain names, as well as links to other DNS servers. Collectively, these servers are the equivalent of the internet’s address book. Most of the time, you’re either connected to your ISP’s DNS servers by default or a large DNS provider like Google or Cloudflare.
When you enable MACE, your DNS requests are all directed through one of PIA’s private and encrypted DNS servers instead. This has multiple benefits, but for MACE the key one is that every DNS request you make passes through a regularly updated blocklist which checks for known ad networks or malware providers.
Remember, MACE isn’t a comprehensive malware solution on its own and can’t replace an anti-virus engine
If the URL matches an entry in the blocklist, MACE returns a non-routable IP address instead of the true IP address of the domain. This ensures that all the requests to that domain go nowhere, essentially blocking them entirely.
This approach is great for keeping separate ad networks off your system – but it comes with a few limitations. If the ads are being hosted from the same domain as the rest of the website, MACE isn’t going to catch them. YouTube is a great example of this: all of the ads inserted into your video stream are coming from the same servers as the rest of YouTube’s content.
There are also issues we’ve found in practice with how quickly MACE is updated. It’s not a dynamic, heuristics-based system in the same way that NordVPN’s malware-blocking solutions are. Put simply, MACE uses a static blocklist. If a URL hasn’t been added to it, MACE won’t detect it. This means that newly created malicious domains are more likely to slip past MACE.
When we put this to the test for ourselves, we found that MACE blocked only two out of 100 fresh phishing URLs provided by OpenPhish. We aren’t particularly surprised by these findings, but it’s important to remember that MACE isn’t a comprehensive malware solution on its own. It can’t replace an anti-virus engine, as MACE won’t highlight any malware that’s transferred through methods like email, file-sharing platforms, or physical transmission.
Why Use MACE?
Although MACE has some limitations, there are very few downsides to implementing it into your security setup alongside other ad-blocking tools. Here’s why you want to keep MACE turned on:
- Fewer Ads and Trackers: You’ll notice significantly fewer ads when running MACE. Your web page requests will load faster because of it and you won’t be bombarded with distractions when you do reach a web page. Aside from the obvious benefits of blocking ads, you’re also keeping intrusive ads and tracking scripts away from your system. These ad networks can’t even make a request from your device, so they have significantly less ability to pull data from your machine and correlate activity over different websites.
- Enhanced Privacy: When you enable MACE, you’re connected to private DNS servers that are powered by the same encryption and no-logs policy as the rest of PIA’s VPN infrastructure. This is essential because your DNS requests tell a third party, such as your ISP, a lot about your browsing habits. Using a private DNS server like MACE keeps those requests out of the hands of snoopers and prevents your data from being sold to advertising agencies.
- Malware Protection: MACE does block access to a huge number of domains known for hosting malware and phishing scams. While it might not be able to catch the most recently registered ones, MACE does a solid job of blocking everyday threats alongside a dedicated anti-virus solution for file scanning. MACE may also be able to prevent some malware threats from phoning home to known malware C2 domains, but you shouldn’t rely on this to stop yourself from falling victim to a botnet.
- Resource Efficiency: This is where MACE differentiates itself from most other blocking solutions. By stopping ads from being downloaded, your browser has to do less work loading and parsing the advertisement assets, which could be anything from a static image to a HD video. Not only does this save on resources, but your in-browser adblocker has to do significantly less work because of it, only acting on the adverts that MACE didn’t catch. This saves you bandwidth, memory, and battery life on mobile devices to boot.
How to Set Up MACE
Actually enabling MACE is a pretty straightforward process:
- Install PIA: Download and install the PIA app on your device.
- Open Settings: Launch the app and click the icon with three dots at the top right of your client, or right-click the icon in your system tray and click “Settings”.
- Enable MACE: Select the “Privacy” section from the Settings tabs on the right-hand side of the screen and toggle the MACE checkbox so that it’s ticked.
- Reconnect: If you’re already connected to a VPN server, reconnect for the changes to take effect.
- Use it: MACE is now fully enabled and will work invisibly in the background, blocking ads and malware from your machine.
You can also access the MACE setting by clicking the extended drop-down button at the bottom of the client app, scrolling down to the “quick settings” panel, and clicking the stop-sign icon which represents MACE. You will still have to reconnect for it to take effect.
https://cdn.mos.cms.futurecdn.net/AJPCJ3YJJ4c8qVCqkUv4bZ-1200-80.png
Source link
